Mobile workplace open to threats

Oct 13, 2016

Enterprises that fail to offer employees a flexible, autonomous, and creative work environment are at risk of not attracting and retaining next-generation talent – however, most workspaces are not ready for the cyber threats of tomorrow.
This is among the findings of a white paper from Dimension Data, “Securing Workspaces for Tomorrow”, that explores how employees across the globe are already demanding a more mobile workplace, with the flexibility to work from anywhere, any time, on any device, in order to become more productive and achieve work-life balance.
“But, because mobile users access the Internet on the go, they’re more vulnerable to attacks as they may not have the same level of security as within the office perimeter,” warns Sean Duffy, security solutions executive of Dimension Data Middle East & Africa.
Today, the average user utilises four devices per day, and this is predicted to increase to five connected devices in the next four years. By 2020, up to 1,55-billion people will be responsible for work that does not confine them to a desk. And it’s predicted that by 2025, the global workforce will hit 3,85-billion, of which 50% of employees will be tech savvy millennials who regard work-life balance as “highly important” when evaluating job opportunities.
Tony Walt, Dimension Data group executive: end-user computing, comments: “A functional mobile workforce allows employees to access corporate applications and data from anywhere, be it working in the headquarters or branch office, co-located with another office tenant, on-site at a client’s premises, at home, or while travelling.
“This increase in fluid collaboration will lead to innovation, and help organisations to secure a competitive advantage. As a result, mobility is not just a preference but a necessity which will inadvertently introduce complexity as it relates to maintaining the integrity of the ‘secured workspace for tomorrow’.”
Duffy cites a sales representative as a good example. “A sales representative using a mobile device such as an iPad or a mobile phone, could unknowingly access a malicious link using an unsecured wireless network resulting in the download of ransomware encrypting his files hours before a client presentation.”
As more enterprises aspire to create future workspaces and harness the benefits of a mobile workforce that leverage cloud platforms, there’s is a greater need than ever before to implement appropriate measures to secure data, infrastructures, applications and users wherever they may reside. The devices, environment, applications, emerging technologies all connect to the Internet, potentially opening up avenues for cyber criminals to exploit the vulnerabilities of the new workspace.
“While the mobile endpoint is a potential game changer for businesses, it exposes mobile workers to security risks and vulnerabilities, as they’re not protected by enterprise-grade security. What’s more, companies are increasingly permitting personal devices – or bring your own device (BYOD) – into the workplace, increasing the risk of data leakage due to the lack of control or visibility into personal devices, or access to the business network if the device is lost or stolen,” adds Duffy.
Other highlights in the Securing Workspaces for Tomorrow white paper include:
* Smart offices: the Internet of Things brings the Internet of Threats: The IoT-enabled workspaces for the future deliver a degree of control and customisation that was not achievable in the past. The office environment is seeing a greater use of CCTVs, as well as smart devices for door locks to lighting, with users controlling them via smartphones and smart hubs. However, these smart devices and their hubs could be more susceptible to cyber-attacks, as they are typically designed with only basic security features.
* Cyberattacks are mostly undetected: they’re often hiding in encrypted HTTPS traffic, or in legitimate files such as word and PDF.
* End users are identified as the weakest link and an internal threat: 54% of security professionals worldwide view phishing / social engineering as one of the two most common threat techniques.
* Cyber criminals could target software-as-a-service (SaaS) platforms: if data in transmission to the cloud is intercepted or residing in the cloud without proper encryption, it becomes an instant gold mine waiting for its discoverers.
* Blocking threats through context-aware security analytics: Context-Aware security analytics can be used to quickly detect a broad range of advanced attacks such as volumetric DDoS, zero-day malware, and insider threats. Along with continuous lateral monitoring across enterprise networks with user, device and application awareness, the solution accelerates incident response, improves forensic investigations and reduces enterprise risk.